CVE-2020-13612
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Source: CVE-2020-13612
CVE-2020-13604
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Source: CVE-2020-13604
CVE-2021-22864
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program.
Source: CVE-2021-22864
CVE-2021-3409
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.
Source: CVE-2021-3409
CVE-2021-28824
The Windows Installation component of TIBCO Software Inc.’s TIBCO ActiveSpaces – Community Edition, TIBCO ActiveSpaces – Developer Edition, and TIBCO ActiveSpaces – Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO ActiveSpaces – Community Edition: versions 4.5.0 and below, TIBCO ActiveSpaces – Developer Edition: versions 4.5.0 and below, and TIBCO ActiveSpaces – Enterprise Edition: versions 4.5.0 and below.
Source: CVE-2021-28824
CVE-2021-28823
The Windows Installation component of TIBCO Software Inc.’s TIBCO eFTL – Community Edition, TIBCO eFTL – Developer Edition, and TIBCO eFTL – Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO eFTL – Community Edition: versions 6.5.0 and below, TIBCO eFTL – Developer Edition: versions 6.5.0 and below, and TIBCO eFTL – Enterprise Edition: versions 6.5.0 and below.
Source: CVE-2021-28823
CVE-2021-28821
The Windows Installation component of TIBCO Software Inc.’s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service – Community Edition, and TIBCO Enterprise Message Service – Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service – Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service – Developer Edition: versions 8.5.1 and below.
Source: CVE-2021-28821
CVE-2021-28822
The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.’s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service – Community Edition, and TIBCO Enterprise Message Service – Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.’s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service – Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service – Developer Edition: versions 8.5.1 and below.
Source: CVE-2021-28822
CVE-2021-28100
Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process.
Source: CVE-2021-28100
CVE-2021-28099
In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated.
Source: CVE-2021-28099